Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(214)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/platform/image-decoders/gif/GIFImageReader.cpp

Issue 15914009: More tolerant about malformed GIF files (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: added test file Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/WebKit/chromium/tests/data/radient-bad-terminator.gif ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 1 /* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* ***** BEGIN LICENSE BLOCK ***** 2 /* ***** BEGIN LICENSE BLOCK *****
3 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 3 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 * 4 *
5 * The contents of this file are subject to the Mozilla Public License Version 5 * The contents of this file are subject to the Mozilla Public License Version
6 * 1.1 (the "License"); you may not use this file except in compliance with 6 * 1.1 (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at 7 * the License. You may obtain a copy of the License at
8 * http://www.mozilla.org/MPL/ 8 * http://www.mozilla.org/MPL/
9 * 9 *
10 * Software distributed under the License is distributed on an "AS IS" basis, 10 * Software distributed under the License is distributed on an "AS IS" basis,
(...skipping 466 matching lines...) Expand 10 before | Expand all | Expand 10 after
477 break; 477 break;
478 } 478 }
479 479
480 case GIFGlobalColormap: { 480 case GIFGlobalColormap: {
481 m_isGlobalColormapDefined = true; 481 m_isGlobalColormapDefined = true;
482 GETN(1, GIFImageStart); 482 GETN(1, GIFImageStart);
483 break; 483 break;
484 } 484 }
485 485
486 case GIFImageStart: { 486 case GIFImageStart: {
487 if (*currentComponent == ';') { // terminator.
488 GETN(0, GIFDone);
489 break;
490 }
491
492 if (*currentComponent == '!') { // extension. 487 if (*currentComponent == '!') { // extension.
493 GETN(2, GIFExtension); 488 GETN(2, GIFExtension);
494 break; 489 break;
495 } 490 }
496 491
492 if (*currentComponent == ',') { // image separator.
493 GETN(9, GIFImageHeader);
494 break;
495 }
496
497 // If we get anything other than ',' (image separator), '!' 497 // If we get anything other than ',' (image separator), '!'
498 // (extension), or ';' (trailer), there is extraneous data 498 // (extension), or ';' (trailer), there is extraneous data
499 // between blocks. The GIF87a spec tells us to keep reading 499 // between blocks. The GIF87a spec tells us to keep reading
500 // until we find an image separator, but GIF89a says such 500 // until we find an image separator, but GIF89a says such
501 // a file is corrupt. We follow GIF89a and bail out. 501 // a file is corrupt. We follow Mozilla's implementation and
502 if (*currentComponent != ',') 502 // proceed as if the file were correctly terminated, so the
503 return false; 503 // GIF will display.
504 504 GETN(0, GIFDone);
505 GETN(9, GIFImageHeader);
506 break; 505 break;
507 } 506 }
508 507
509 case GIFExtension: { 508 case GIFExtension: {
510 size_t bytesInBlock = currentComponent[1]; 509 size_t bytesInBlock = currentComponent[1];
511 GIFState es = GIFSkipBlock; 510 GIFState es = GIFSkipBlock;
512 511
513 switch (*currentComponent) { 512 switch (*currentComponent) {
514 case 0xf9: 513 case 0xf9:
515 es = GIFControlExtension; 514 es = GIFControlExtension;
(...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after
816 rowPosition = 0; 815 rowPosition = 0;
817 rowsRemaining = m_frameContext->height; 816 rowsRemaining = m_frameContext->height;
818 817
819 // Clearing the whole suffix table lets us be more tolerant of bad data. 818 // Clearing the whole suffix table lets us be more tolerant of bad data.
820 suffix.fill(0); 819 suffix.fill(0);
821 for (int i = 0; i < clearCode; i++) 820 for (int i = 0; i < clearCode; i++)
822 suffix[i] = i; 821 suffix[i] = i;
823 stackp = 0; 822 stackp = 0;
824 return true; 823 return true;
825 } 824 }
OLDNEW
« no previous file with comments | « Source/WebKit/chromium/tests/data/radient-bad-terminator.gif ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698